Title: Legal Aspects of IO
College of Aerospace Doctrine, Research, and Education
Legal Aspects of IO, IW 230
The Big Picture
- The law lags the evolution of technology
- Find answers in existing principles
- Our actions affect the evolution of the law
- Shape the legal framework to further national interest
- Governmental actors must consider the spirit, not just the letter, of the law
AFDD 2-5
INFORMATION SUPERIORITY
INFORMATION OPERATIONS
Successfully executed Information Operations achieve information superiority
Information Operations
- Joint definition: actions taken to affect adversary information and information systems while defending one's own information and information systems
  - Offensive and Defensive IO
- The Air Force believes that in practice a more useful working definition is: those actions taken to gain, exploit, defend, or attack information and information systems
  - Information Warfare and Information-in-Warfare
Information Warfare
- Information operations conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries. The Air Force believes that, because the defensive component of IW is always engaged, a better definition is: Information operations conducted to defend one's own information and information systems, or to attack and affect an adversary's information and information systems.
  -- AFDD 2-5, Aug 98
USSPACECOM: DoD's Lead for CND and CNA
- JTF-CND
  - Chartered in 1998 as an interim organization to handle coordination of DoD's Computer Network Defense
- JTF-CNO
  - CINCSPACE received the mission for Computer Network Attack in Oct 00
  - Decision to expand JTF-CND
  - 2 Apr 2001, JTF redesignated JTF-Computer Network Operations
The Future
"It seems to me that, philosophically, rather than conducting information operations as ends in themselves, we want to operate in the information age. By that I mean integrating, and not stovepiping, the various areas of information operations into our overall military plans and operations."
-- General Ed Eberhart, USCINCSPACE
AF Future Capabilities Game 2001: An Introduction to Network Warfare of the Future
- Computer Network Operations
  - Computer Network Defense
  - Computer Network Exploitation
  - Computer Network Attack
CNO Taxonomy
- Computer Network Defense
  - Those measures, internal to the protected entity, taken to protect and defend information, computers and networks from intrusion, exploitation, disruption, denial, degradation or destruction.
CNO Taxonomy
- Computer Network Defense
  - Actions taken to protect, monitor, analyze, detect, and respond to unauthorized activity within ... information systems and computer networks. (DoDD O-8530.1)
  - Defensive measures to protect and defend information, computers, and networks from disruption, denial, degradation, or destruction. (JP 1-02)
CNO Taxonomy
- Computer Network Attack
  - Operations using computer hardware or software, or conducted through computers or computer networks, with the intended objective or likely effect of disrupting, denying, degrading or destroying information resident in computers or computer networks, or the computers and networks themselves.
CNO Taxonomy
- Active CND (Computer Network Response)
  - Those measures, that do not constitute CNA, taken to protect and defend information, computers, and networks from disruption, degradation, denial, destruction, or exploitation, that involve activity external to the protected entity. CNR, when authorized, may include measures to determine the source of hostile CNA or CNE.
CNO Taxonomy
- Computer Network Exploitation
  - Intelligence collection operations that obtain information resident in files of threat automated information systems (AIS) and gain information about potential vulnerabilities, or access critical information resident within foreign AIS that could be used to the benefit of friendly operations. (CJCSI 6510.01C)
Overview
- Part I: Computer Network Defense (CND)
  - Computer Monitoring
  - Computer Crime
  - Active Defense / Computer Network Response
- Part II: Computer Network Attack (CNE/CNA)
  - Development of International Law
  - The Use of Force in Peacetime
  - US/Foreign Domestic Laws
  - The Law of War
Part I: Computer Monitoring (Part of CND) -- IO Law Outline, p. 1-15
- System Administrators
- Monitoring, Encryption, Intelligence Oversight
- Law Enforcement / FISA
- Intelligence Community
NATIONAL CRITICAL INFRASTRUCTURES
- Transportation
- Energy
- Defense
- Telecommunication
- Banking
- Information Infrastructure
Information Security -- Monitoring
- One of the first lines of defense in protecting AF information systems
- Monitoring is performed for different reasons by different actors:
  - systems protection / network professionals
  - operational security / TMAP (Telecommunications Monitoring and Assessment Program) assets
  - evidentiary interception / law enforcement investigators
Analytical Blueprint
- Analysis starts with the three Ws
  - Who?
  - What?
  - Why?
- Different ROEs based on the answers
  - Law enforcement interceptions
  - Intel / counterintel surveillance
  - Systems protection monitoring
Monitoring: Legal Constraints
- Fourth Amendment (reasonable expectation of privacy)
- Electronic Communications Privacy Act
Legal Principles -- Constitutional Law
- Fourth Amendment prohibition against unreasonable search and seizure
- Protects people, not places
  - Is there a reasonable expectation of privacy?
  - If so, is the search reasonable?
- Governed by the totality of circumstances
- Degree of protection is proportional to the expectation of privacy
- Summary of case law: IO Law Outline, p. 1-37
U.S. v. Monroe (AFCCA, Feb 5, 1999)
- Court found Monroe had no expectation of privacy in an e-mail account on a government server as to his supervisors and the system administrator (banner)
- E-mail accounts were given for official business, although users were authorized to send and receive limited textual and morale messages to and from friends and family
- Monroe did not have a government computer, but had a personal computer in his dorm room
Monroe...
- Court used the analogy of an unsecured file cabinet in the member's superior's work area, in which an unsecured drawer was designated for his/her use in performing his/her official duties, with the understanding that his superiors had free access to the cabinet, including the drawer
- Affirmed by CAAF, 13 March 2000
Electronic Communications Privacy Act (ECPA)
- Statutorily conferred an expectation of privacy in electronic and wire communications
  - Interception of electronic communications
  - Access into stored communications
- Generally prohibits interception of electronic communications, or access into stored communications, without a court order
  - aimed at law enforcement
  - numerous exceptions:
    - systems provider exception
    - consent
    - court order
ECPA Rights and Limitations (the system provider)
- May monitor and disclose traffic data
- May access electronic communications stored on his or her system
- May disclose the contents of those communications to others, unless he or she is providing electronic communications services to the public
Real-Time Monitoring -- The Provider Exception
- May monitor in real time (and thereafter disclose) wire and electronic communications,
  - so long as such monitoring and disclosure is conducted in the normal course of his employment
  - while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service.
Disclosure to Law Enforcement
- May disclose real-time communications he or she has monitored (or stored communications he or she has accessed):
  - with the consent of an appropriate party, normally an individual who is a party to the communication, or
  - when evidence of a crime is apparent and inadvertently obtained
PATRIOT Act of 2001 -- IO Law Outline, p. 1-17
- Section 212 of the Act amends 18 USC 2702(b)(6) (ECPA) to permit, but not require, a service provider to disclose to law enforcement either content or non-content customer records in emergencies involving an immediate risk of death or serious physical injury to any person.
- This section also allows providers to disclose information to protect their rights and property.
PATRIOT Act of 2001 -- IO Law Outline, p. 1-18
- Although the wiretap statute allows computer owners to monitor the activity on their machines to protect their rights and property, until Section 217 of the PATRIOT Act was enacted it was unclear whether computer owners could obtain the assistance of law enforcement in conducting such monitoring
Consent Banners Are Our Friend
- Promote awareness for users (ECPA exceptions are not necessarily obvious)
- Consent is the second exception under ECPA

Limits on Consent
- Defined by what the banner says
- Limited to the provider's own network
- Duration must be short term; then get a Wiretap Order (DoJ)
OPSEC/COMSEC Surveillance -- IO Law Outline, p. 1-19
- AFI 33-219
  - authority given only to HQ AIA TMAP elements
  - consent monitoring / banners
  - certification process
    - SJA must review a detailed summary of consent notification actions
    - determines if the actions are legally sufficient to constitute consent
ROEs -- Search (cont.)
- Is the search/seizure reasonable?
  - consent
  - search authorization or warrant
  - AFOSI vs. Security Forces

ROEs -- Interceptions
- AFI 71-101, Vol 1 requires approval for interceptions:
  - AFOSI/CC
  - SAF/GC
  - DOJ (nonconsensual)
Tips on Handling Computer Abuse Cases
- SYSAD usually identifies the government IP addresses where the abuse is taking place
  - Does not need to monitor in real time
- Appropriate commander/senior leader should be briefed, then assemble all users to notify them of the impropriety and warn them
- If it continues, SYSAD, commander, and SF can mount a sting to catch the perpetrator in the act
Computer Crime -- IO Law Outline, p. 1-23
- Federal Computer Crime Statutes
  - 18 USC 1029, 1030
  - 18 USC 1028 (Identity Theft)
  - 18 USC 2251, 2252, 2252A (Sexual Exploitation of Children)
  - 18 USC 2511, 2701 (Wiretap Statute and ECPA)
- UCMJ Articles
  - General Article (134)
  - Failure to Obey Order or Regulation (92)

USA PATRIOT ACT of 2001
- Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act
Nationwide Search Warrants for E-mail -- Sec. 220
- Old: A search warrant was needed to compel disclosure of unopened e-mail less than six months old held by an Electronic Communication Service or Remote Computing Service (i.e. an ISP)
  - Had to be issued by a court within the district where the e-mail was stored
- New: nationwide search warrants for e-mail
  - Allows the court with jurisdiction over the offense to issue a single search warrant
- Subject to sunset
Intercepting Voice Comms in Hacking Cases -- Sec. 202
- Old: Could not get a wiretap order to intercept wire communications (involving the human voice) for violations of the Computer Fraud and Abuse Act (18 U.S.C. 1030)
  - Hackers have stolen teleconferencing services to plan and execute hacks
- New: Adds felony violations of the Computer Fraud and Abuse Act to the list of offenses that support a voice wiretap order
- Sunsets December 2005

Obtaining Voice-mail and Stored Voice Comms -- Sec. 209
- Old: LE could use a search warrant for a voice recording on an answering machine inside the criminal's home (easier), but needed a wiretap order for voice comms held by a third-party provider
- New: Stored voice (wire) comms acquired under 18 USC 2703 (including by search warrant)
- Sunsets December 2005
Subpoenas for Electronic Evidence -- Sec. 210
- Old: Subpoena limited to the customer's name, address, length of service, and means of payment
  - In many cases, users register with ISPs under false names
- New: Updates and expands the records available by subpoena
  - Old list, plus means and source of payment, credit card or bank account number, records of session times and durations, and any temporarily assigned network address
- Not subject to sunset
Intelligence Oversight
- Improved Intelligence
  - Inclusion of international terrorist activities within the scope of foreign intelligence under the National Security Act of 1947
  - Law enforcement to notify the intelligence community when a criminal investigation reveals information of intelligence value
  - Reconfigures the Foreign Terrorist Asset Tracking Center
FISA Electronic Surveillance -- Sec. 218
- Old: required certification that obtaining foreign intelligence was "the purpose" of the search
  - FISA Court interpreted this to mean the primary purpose of the investigation was obtaining foreign intelligence and not criminal prosecution
- New: obtaining foreign intel is "a significant purpose" of the search
  - Allows intelligence agents to better coordinate with criminal investigators
- Subject to sunset
What is Active Defense?
- Approved joint term in the DoD Dictionary
  - Active Defense: The employment of limited offensive action and counterattacks to deny a contested area or position to the enemy.
  - Passive Defense: Measures taken to reduce the probability of and to minimize the effects of damage caused by hostile action without the intention of taking the initiative.
- No consensus in the computer network context
"The fact is that right now my authority for active defense measures is very limited. I believe in this area the wisest course of action is to pursue the policy and procedural issues at or ahead of the pace of technological capabilities, because whether or not to use an attack as an active defense measure or as a weapon system is a decision that needs to be operationally defined at the national policy levels first and foremost."
-- Maj Gen James Bryan, JTF-CND/CC, Federal Computer Week, 4 Dec 2000

DoD Deploys Cyber-Defense -- Defense News, November 12-18, 2001, Pg.
- Faced with a near doubling of attacks on military computers in the past year, the guardian of the U.S. military's information systems has asked Pentagon leaders for permission to strike back.
- "We are no longer going to be passive. If they hit us, we'll be hitting them back real soon."
  -- U.S. Army Maj. Gen. Dave Bryan, commander, Joint Task Force-Computer Network Operations (JTF-CNO)
Part II: Computer Network Attack (CNA) -- IO Law Outline, p. 1-42
- Development of International Law
- The Law of War
- The Use of Force in Peacetime
- Space Law
- Telecommunications Law
- US/Foreign Domestic Laws

Development of International Law
- Consists of binding legal obligations among sovereign states
- Sovereign states are legally equal and independent actors
- They assume legal obligations only by affirmatively agreeing to do so
- General rule: unless prohibited by law, a course of action is allowed
International Development of Territoriality in Air and Space
- Air Law, post WW II
  - Sovereign control over national airspace
- Space Law, post Sputnik I / Explorer I
  - No objections to overflight of spacecraft
  - Reconnaissance satellites OK
  - Outer Space Treaty enshrines the principle
- Information Operations??
United Nations Charter
- "The first use of armed force by a state ... shall constitute prima facie evidence of an act of aggression" (UNGA Resolution on the Definition of Aggression, Art. 2)
- What kinds of information attacks are likely to be considered by the world community to be armed attacks and uses of force?
- Peacetime Rules of Engagement

United Nations Charter -- 1945
- Article 2(4)
  - Refrain from the threat or use of force against the territorial integrity of any state, or in any manner inconsistent with the purposes of the UN
- Article 51
  - Inherent right of self-defense recognized when an armed attack occurs
- Space Control -- Information Operations?
Use of Force Authorized?
- Authorized by UN Security Council
- Self-defense
- Humanitarian intervention
- Treaty-sanctioned interventions
- Enforcement of international judgments
What is Force?
- The traditional view is that force means armed force, rather than other potentially coercive vehicles of state policy
  - Negotiating history of the UN Charter
  - UNGA Resolution on Aggression
  - Nicaragua v. United States
China's Unrestricted Warfare
- "This kind of war means that all means will be in readiness, that information will be omnipresent, and the battlefield will be everywhere. It means that all weapons and technology can be superimposed at will, that all the boundaries lying between the two worlds of war and nonwar, of military and nonmilitary, will be totally destroyed ... the rules of war may need to be rewritten."

Does CNA = Force?
- Focus on the consequences of CNA
- Consider severity/nature
- No bright lines
- Some tools/targets may constitute force
International Law
- Triggers for the self-defense right?
  - Intruder defeats security and gains entry into computer systems
  - Significant damage to the attacked system or data
  - System is critical to national security
  - Intruder's conduct or context clearly manifests malicious intent
Computer Responses
- Launching responsive CNA to disable the intruder's equipment
  - May not defeat state-sponsored ops
  - May serve as a shot across the bow
  - Useful for shaping conflict
  - Reciprocal

Kinetic Responses
- Response to CNA need not be CNA
- Lack of target, access etc. may limit options
- Traditional LOAC analysis
  - Military necessity
  - Proportionality
Attribution
- Huge technical challenge
- Intelligence data/analysis critical
  - Links to other events
  - State sponsored or not?
  - Identity and intent

Remedies
- If not state-sponsored, law enforcement authorities are the primary response
- If the nation is unable or unwilling to prevent recurrence, use self-defense
  - Providing safe refuge can be complicity
  - Complicity can be state action

Legal/Policy Considerations
- Continuing threat to national security
- Demonstration of resolve
- World opinion
- Reciprocity
Domestic Law: No Military Exclusion
- 18 USC 1367: Felony to intentionally or maliciously interfere with a communications or weather satellite, or to obstruct or hinder any satellite transmission.
- 18 USC 1030: Misdemeanor to intentionally access a computer without authorization or exceed authorized access

Domestic Law (cont.)
- 18 USC 2511 prohibits interception and disclosure of wire, oral, and electronic communications.
  - FISA exception
- DOJ/GC opinion: domestic criminal law does not apply to actions of US military members executing instructions of the NCA
LOAC: Customary Legal Principles and IW
- Military Necessity
- Distinction
- Proportionality (possible problem)
- Humanity (unlawful weapons)
- Chivalry (perfidy)
- Law of Neutrality

Military Necessity
- Military infrastructures: lawful target
- Purely civilian infrastructure: unlawful, maybe...
  - Stock exchanges
  - Banks
  - Universities
Distinction
- Combatants vs. noncombatants
- Computer Network Attack
  - Our cyber-warriors are required to be part of the military
  - Attack from .mil??

Proportionality
- During Desert Storm one of the earliest targets was the electrical power system
  - Lawful target: military use
  - Iraqi response: the Coalition's attack constituted attempted genocide
  - City's sewage system backed up; threat of epidemic disease
Humanity: Unlawful Weapons
- Illegal per se (by treaty)
  - Poisons
  - Glass projectiles
  - Dum-dum bullets
- Illegal by treaty because of indiscriminate effects
  - Biological/bacteriological weapons
  - Chemical weapons

Indiscriminate Weapons?
- Lasers (earth/space based)
- Malicious logic
  - Worms/viruses
- EMP devices
Chivalry
- The waging of war in accordance with well-recognized formalities and courtesies
- Permits lawful ruses and stratagems intended to lawfully mislead the enemy
- Prohibits perfidy -- treacherous acts intended to take unlawful advantage of the enemy's good faith
- What about taking over your enemy's computer network
  - to send supplies to the wrong place?
  - to declare an end to the war?

Perfidy: Improper Use of
- Flags of truce
- Protected status
- Distinctive emblems
- Uniforms of neutrals
Law of Neutrals
- Neutrality by a State means refraining from all hostile participation in the armed conflict
- It is the duty of belligerents to respect the territory and rights of neutral States
- Examples: Austria, Jordan, Switzerland

Hague V, Art. 1
- Prohibits any unauthorized entry into the territory of a neutral State, its territorial waters, or the airspace over such areas by troops or instrumentalities of war
- If one belligerent enters neutral territory, the other belligerent, or the neutral State, may attack them there

Law of Neutrals
- Neutrality under the UN Charter?
- 1907 Hague Convention -- facilities are provided impartially to both sides
- Systems that generate information vs. those that merely relay communications
Summary
- Interplay of different international law regimes
- If it is not prohibited, it is permitted
- What we do will have a tremendous effect on how this area of the law develops

Relevant Directives (To name a few!)
- PDD 62, Combating Terrorism
- PDD 63, Critical Infrastructure Protection
- JP 3-13, Joint Doctrine for Information Operations
- DoDD S-3600.1, Information Operations
- DOD Memorandum on Web Site Administration, 7 Dec 98
- DOD Memorandum on Communications Security and Information Systems Monitoring, 27 Jul 97
- AFDD 2-5, Information Operations
- AFI 33-129, Transmission of Information via the Internet
- AFI 33-119, Electronic Mail Management and Use
- AFI 33-219, Telecommunications Monitoring and Assessment Program
- AFI 14-104, Intelligence Oversight
- TJAG Policy Letter 31, Legal Information Services